Security News > 2023 > October

Factors leading to organizations losing control over IT and security environments
2023-10-04 03:00

Companies are challenged with the growing need to connect everything in their business while maintaining control over their security, productivity, and competitive growth, according to Cloudflare. This has introduced new risks and challenges and led nearly 40% of organizations to agree or strongly agree that they are losing control over their IT and security environments.

Trio of TorchServe flaws means PyTorch users need an urgent upgrade
2023-10-04 01:28

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution, according to security researchers. "The issues in TorchServe - an optional tool for PyTorch - were patched in August rendering the exploit chain described in this blog post moot," a Meta spokesperson told The Register.

US v Sam Bankman-Fried trial begins ... as imploded crypto biz boss sues his insurer
2023-10-03 23:47

The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon sued his own insurance company for failing to cover his legal costs. Sam Bankman-Fried co-founded cryptocurrency exchange FTX and served as its CEO. He also co-founded Alameda Research, a hedge fund intertwined with FTX. SBF stepped down late last year and has been charged with fraud over allegations FTX and Alameda, among other things, siphoned billions in people's deposits to fund luxury lifestyles, invest in a whole range of businesses, and gamble on digital assets.

New 'Looney Tunables' Linux bug gives root on major distros
2023-10-03 20:36

A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld. The GNU C Library is the GNU system's C library and is in most Linux kernel-based systems.

Microsoft now lets you play a game during Windows 11 installs
2023-10-03 18:59

Users are now encouraged to take a break and indulge in a surfing game while waiting for their systems to update, as first spotted by The Verge while installing Windows 11 on a Surface Laptop Studio 2. Initially launched in May 2020 when bundled with the Microsoft Edge web browser, the Surf game is a modern rendition of the classic SkiFree game, part of Microsoft's Entertainment Pack 3 for Windows 3.0, released in October 1991.

Google to bolster phishing and malware delivery defenses in 2024
2023-10-03 18:41

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by requiring bulk senders to authenticate their emails and adhere to stricter spam thresholds. Starting February 1st, 2024, Google will require senders dispatching over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains to strengthen defenses against email spoofing and phishing attempts.

Android October security update fixes zero-days exploited in attacks
2023-10-03 18:12

Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. CVE-2023-4211 is an actively exploited flaw impacting multiple versions of Arm Mali GPU drivers used in a broad range of Android device models.

ShellTorch flaws expose AI servers to code execution attacks
2023-10-03 16:37

The TorchServe flaws discovered by the Oligo Security research team can lead to unauthorized server access and remote code execution on vulnerable instances. Due to insecure deserialization in the SnakeYAML library, attackers can upload a model with a malicious YAML file to trigger remote code execution.

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
2023-10-03 16:37

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws,...

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
2023-10-03 16:24

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on...